    Elliptic Curve Cryptography

    20 Sep 2021

    Elliptic curve cryptography (ECC) offers the same level and kind of security as RSA (or Diffie-Hellman) with much shorter keys. Table 1 compares the best current estimates of the key sizes for three different encryption approaches at comparable security levels against brute-force attacks. What a brute-force attack means depends on the algorithm: for a symmetric-key cipher like AES it means searching the complete key space, for an algorithm like RSA it means integer factorization, and for an algorithm like ECC it means solving the discrete logarithm problem. The table is all the more significant because the processing burdens of RSA and ECC are comparable for comparable key lengths, which implies that ECC takes a sixth of the processing effort to supply the level of cryptographic security that we get with 1024-bit RSA.

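    | Symmetric encryption (bits) | RSA and Diffie-Hellman “key” size (bits) | ECC “key” size (bits) |
    |-----------------------------|------------------------------------------|-----------------------|
    | 80                          | 1024                                     | 160                   |
    | 112                         | 2048                                     | 224                   |
    | 128                         | 3072                                     | 256                   |
    | 192                         | 7680                                     | 384                   |
    | 256                         | 15360                                    | 512                   |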

    Table 1: Best estimates of the key sizes needed to achieve an equivalent level of security with three different methods.

    Since the key sizes are much smaller, smartcards can use ECC algorithms without mathematical coprocessors. Contactless smart cards work only with ECC as other systems require too much induction energy. Since shorter key lengths translate into faster handshaking protocols, ECC is becoming increasingly crucial for wireless communications. For the same reasons, we can also expect ECC to become essential for wireless sensor networks.

    ECDH Cryptosystem

    Elliptic Curve Diffie-Hellman (ECDH) is the elliptic-curve version of the Diffie-Hellman key exchange algorithm. It determines how two communicating participants, A and B, can generate key pairs and exchange their public keys over insecure channels. The algorithm determines only how key pairs are generated; the user defines the relation between the encryption keys and the data to be encrypted. After the keys have been exchanged, it is common to use symmetric encryption methods. In practice, the ECDH cryptosystem can be successfully adapted to different data security solutions.

    ECDSA Cryptosystem

    The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic-curve analog of the DSA (Digital Signature Algorithm) digital signature standard. As with DSA, the goal of ECDSA is to provide verifiable digital signatures for data messages. The author signs the data message with their private key; the digital signature is added to the content of the message and can be freely validated with the message author’s public key. Private keys are generated much as in the ECDH cryptosystem. If P and Q are two points on an elliptic curve, the private key is the discrete logarithm m = log_P(Q), that is, the integer m for which Q = mP.

    Implementation Issues

    Implementation issues of elliptic curve-based cryptosystems can be divided into four abstract categories.

    1. The first category includes technical errors in hardware and software implementations, such as lack of authentication, inadequate RAM and media protection, errors in algorithms, incorrect network infrastructure, etc. With these security problems, sensitive information, including private encryption keys, can fall into the hands of third parties not through attempts to break the cryptosystem’s fundamental security but by accessing the data directly through hardware and software security holes. This is the most common implementation issue. It is not related to the security of the fundamentals of a cryptosystem; it is associated with insufficient software testing and computer system security audits.
    2. The second type of implementation issue is associated with selecting the underlying elliptic curves and prime fields. There are classes of weak elliptic curves. For instance, it is possible to solve the discrete logarithm problem in polynomial time for a specific type of curve where #E(Fp) = p, that is, where the number of points on the curve is equal to the number of elements in the finite field. It is also essential to select large enough subgroups of E(Fp) so that calculating discrete logarithms by methods such as Pollard's rho (ρ) method is not feasible. To ensure maximum security of the cryptosystem, it is advisable to use verifiably random elliptic curves and prime fields such that the order of the group #E(Fp) is divisible by a sufficiently large prime number n, where n > 2^160.
    3. The third type of implementation issue is associated with the performance of E(Fp) group operations such as addition and scalar multiplication. It is advisable to use Mersenne primes, which can significantly improve the scalar multiplication operation. This result is related to processor architecture, which enables effective execution of modular arithmetic operations when the binary representation of the number is close to a power of two. It is also essential to select the most appropriate coordinate system, since the performance of group operations varies with the coordinate system selected. For instance, the performance of scalar multiplication can be improved by using the Jacobian coordinate system when the scalar multiplication takes place with an even number (point doubling).
    4. The fourth type of implementation issue is associated with private key management. It is required to ensure that private keys are re-calculated and re-issued regularly. Usage of constant private keys seriously increases the risk of keys being intercepted by a third party. The most typical example is the 2010 interception of a private key from the Sony PlayStation application signature cryptosystem, where a constant private key was used for all issued digital signatures.
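
    The curve-selection checks from item 2 can be automated before a set of domain parameters is accepted. The following is an added example, not code from the original article: `check_domain` and its helpers are hypothetical names, secp256k1 is used as a known-good sample, and the toy curve over F_5 was constructed here so that #E(Fp) = p. The anomalous-curve test compares n with p, which assumes cofactor 1 (true whenever #E(Fp) is prime).

```python
import secrets

# Added example: check_domain and its helpers are hypothetical names, not a library API.
def add(P, Q, a, p):  # affine addition on y^2 = x^3 + ax + b over F_p; None = infinity
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P + (-P)
    num, den = (3 * x1 * x1 + a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P, a, p):  # double-and-add; not constant time, for validation only
    R = None
    while k:
        if k & 1:
            R = add(R, P, a, p)
        P, k = add(P, P, a, p), k >> 1
    return R

def is_probable_prime(n, rounds=16):  # Miller-Rabin with random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 = d * 2^s with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x != 1 and n - 1 not in [pow(x, 2**i, n) for i in range(s)]:
            return False
    return True

def check_domain(p, a, b, G, n):  # returns the failed checks; [] means all passed
    on_curve = (G[1] ** 2 - G[0] ** 3 - a * G[0] - b) % p == 0
    checks = [("singular curve", (4 * a**3 + 27 * b**2) % p != 0),
              ("G not on curve", on_curve),
              ("n not prime", is_probable_prime(n)),
              ("n*G != infinity", not on_curve or mul(n, G, a, p) is None),
              ("anomalous: #E(Fp) = p", n != p),
              ("subgroup order n <= 2^160", n > 2**160)]
    return [name for name, ok in checks if not ok]

# Sample inputs: secp256k1 (published parameters) and a toy curve constructed for this example.
SECP256K1 = dict(p=2**256 - 2**32 - 977, a=0, b=7,
                 G=(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
                    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8),
                 n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
TOY = dict(p=5, a=3, b=2, G=(1, 1), n=5)  # y^2 = x^3 + 3x + 2 over F_5 has exactly 5 points
```

    `check_domain(**SECP256K1)` returns an empty list, while `check_domain(**TOY)` reports both the anomalous-curve condition and the undersized subgroup.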

    Benefits of elliptic curve-based cryptosystems versus RSA cryptosystem

    • Key size: The key of an elliptic curve-based cryptosystem takes significantly less memory, and the ratio increases rapidly with the increase of security levels. For instance, an RSA cryptosystem with a key length of 1024 bits is equivalent to an elliptic curve cryptosystem with a key length of 160 bits.
    • Cryptographic operations performance: Cryptographic operations such as key and digital signature generation are carried out significantly faster thanks to the smaller keys. For instance, an elliptic curve cryptosystem with a key length of 233 bits corresponds to the RSA cryptosystem with 2240 bits. In the first case, the key is generated approximately 40 times faster.
    • Resource savings: Due to the smaller key sizes, algorithms of the elliptic curve-based cryptosystems can be executed on minimal resources.

    Disadvantages of elliptic curve-based cryptosystems versus RSA cryptosystem

    • Significantly more complex mathematical backgrounds.
    • A relatively large group of weak elliptic curves.
    • Lack of research.


    Despite the decades-long history of elliptic curve cryptography, there is still a lack of research. The popular RSA cryptosystem is more widely studied. A significant lack of research is one of the main reasons elliptic curve-based cryptosystems have shown low popularity nowadays. It is possible to conclude that the lack of research is related to the relatively complex mathematical foundation of elliptic curves and the lack of interest from systems developers. It is expected that elliptic curves will play a growing role in various implementations.

    The discrete logarithm problem is algorithmically more complex than the integer factorization problem, allowing a significant reduction in public-key cryptographic key size and thus speeding up various cryptographic operations.

    Elliptic curve-based cryptosystems can be used effectively in low-resource, low-power system solutions such as smart cards, mobile devices, sensors, and so on.
